
OpenSSL EUVD-2026-35485

CVE-2026-42768 · LOW · 3.7 (CVSS 3.1, Vendor)
Weakness: Covert Channel (CWE-514)

Severity by source

Vendor (CNA), primary: 3.7 LOW
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from Vendor (CNA) · only source for this CVE.

CVSS Vector (Vendor)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Lifecycle Timeline

Source Code Evidence Fetched: Jun 09, 2026 - 21:38 (vuln.today)
Analysis Generated: Jun 09, 2026 - 21:38 (vuln.today)
CVSS changed: Jun 09, 2026 - 21:22 (NVD) - 3.7 (LOW)
CVE Published: Jun 09, 2026 - 11:43 (nvd) - LOW 3.7
CVE Published: Jun 09, 2026 - 11:43 (nvd) - UNKNOWN (no severity yet)

Description (pre-NVD)

Disclosed via GitHub release of openssl/openssl. NVD scoring and full description are pending.

Analysis (AI)

Bleichenbacher oracle in OpenSSL's CMS_decrypt() and PKCS7_decrypt() functions exposes RSA-encrypted message content to unauthenticated remote attackers who can submit adaptive chosen-ciphertext queries against multi-RecipientInfo CMS/PKCS7 structures. Four active OpenSSL branches are affected (3.4.x, 3.5.x, 3.6.x, and 4.0.x), with patches released under the coordinated OpenSSL security advisory on 2026-06-09. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: Identify network-accessible CMS/PKCS7 RSA decryption endpoint
Delivery: Craft multi-RecipientInfo message with chosen RSA ciphertext
Exploit: Submit adaptive oracle query and record pass/fail response
Execution: Iterate with modified ciphertexts across thousands of queries
Persist: Converge on valid RSA plaintext via Bleichenbacher algorithm
Impact: Recover encrypted session key or message content

Vulnerability Assessment (AI)

Exploitation: Exploitation requires that the target application expose CMS_decrypt() or PKCS7_decrypt() over a network-accessible interface where the attacker can both submit arbitrary multi-RecipientInfo RSA ciphertext messages and observe distinguishable decryption outcomes (success vs. …).

Risk Assessment: The CVSS 3.7 Low score is internally consistent: AV:N confirms network reachability, but AC:H captures the inherent difficulty of the Bleichenbacher technique, since tens of thousands to millions of adaptive oracle queries are typically required, generating significant detectable traffic. …

Exploit Scenario: An attacker with network access to an S/MIME gateway, CMS-based key management service, or PKCS7 decryption endpoint crafts a sequence of multi-RecipientInfo CMS messages with systematically varied RSA ciphertexts, submitting thousands of adaptive queries and observing whether CMS_decrypt() or PKCS7_decrypt() returns a success or failure response for each. By analyzing the binary oracle output across many iterations, the attacker progressively narrows the RSA plaintext space and ultimately recovers the session key or encrypted message content. …

Remediation: Upgrade to the vendor-released patched versions: OpenSSL 4.0.1 for the 4.0.x branch, 3.6.3 for 3.6.x, 3.5.7 for 3.5.x, or 3.4.6 for 3.4.x, as specified in the vendor advisory at https://openssl-library.org/news/secadv/20260609.txt. …
